CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49853 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ControlID iDSecure On-premises
https://notcve.org/view.php?id=CVE-2025-49853
24 Jun 2025 — ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49852 – Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises
https://notcve.org/view.php?id=CVE-2025-49852
24 Jun 2025 — ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a Server-Side Request Forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers. ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49851 – Improper Authentication in ControlID iDSecure On-premises
https://notcve.org/view.php?id=CVE-2025-49851
24 Jun 2025 — ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product. ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 92%CPEs: 1EXPL: 3CVE-2023-6329 – Control iD iDSecure passwordCustom Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-6329
27 Nov 2023 — An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user. [TIPO DE PROBLEMA] en [COMPONENTE] en [PROVEEDOR] [PRODUCTO] [VERSIÓN] en [PLATAFORMAS] permite que [ATACANTE] [IMPACTE] a través de [VECTOR] • https://packetstorm.news/files/id/180858 • CWE-287: Improper Authentication •